On Thu, 16 Sep 2004 09:05:47 +0200 (CEST), Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
> On Thu, 16 Sep 2004, Rob H wrote:
>
> > The problem is that during busy periods many pages are being displayed
> > with many broken images & frequently the browser (IE6) displays the
> > "Cannot find server or DNS error" message.
>
> First consult your cache.log file to see if there are any obvious
> complaints from Squid.
>
Nothing out of the ordinary in the cache.log - just a few entries like this:

    2004/09/17 09:29:52| urlParse: Illegal character in hostname '$$mainrs.privatewebservername'
    2004/09/17 09:30:06| sslWriteClient: FD 120: write failure: (104) Connection reset by peer.

- and I know that these are not related.

However I do think I have narrowed it down to an NTLM or authentication issue - it is something I should have spotted a week ago, but as is typical - I have overlooked a simple thing whilst delving into the complicated.

What I noticed was that firstly the problem was also occurring in non-peak times - it just appeared to be less frequent (or there weren't as many people screaming at me about it). I started browsing pages with 20+ images on them until I got a broken image - found the URL of that image and looked for it in the access.log. What I found were two TCP_DENIED/407 entries for the missing image but no TCP_MISS, TCP_HIT (or any other entry related to that particular URL):

    1095301093.729 1 10.49.4.164 TCP_DENIED/407 1660 GET http://gallery.yimg.com/c/100wm/11451783.jpg - NONE/- text/html

I repeated this 10 times over a 2 hour period and saw the same result. I know that because of the NTLM handshake the log shows two GETs resulting in TCP_DENIED entries followed by a GET resulting in a HIT or MISS - but in this case it apparently randomly misses out on receiving the third GET.

I have turned off authentication and browsing has been stable for the past 20 hours. My next step is to set up a sniffer to see if it is the client that is failing to send the request, or if the client is sending the request but squid isn't doing anything with it.

Here are some relevant configs:

squid.conf
------------------------------
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 50
auth_param ntlm max_challenge_reuses 5000
auth_param ntlm max_challenge_lifetime 480 minutes
auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 5
auth_param basic realm Proxy Server
auth_param basic credentialsttl 2 hours
external_acl_type NT_global_group concurrency=25 %LOGIN /usr/local/squid/libexec/wb_group
acl AuthorisedUsers proxy_auth REQUIRED
acl Group_WebBrowsers external NT_global_group Web_Browsers
http_access allow AuthorisedUsers Group_WebBrowsers
------------------------------

samba.conf
------------------------------
[global]
workgroup = OURDOMAIN
password server = OURPDC
server string = Proxy Server
log file = /var/log/samba/log.%m
max log size = 500000
security = domain
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = no
preferred master = no
wins support = no
wins server = IP OF OUR WINS SERVER
wins proxy = no
dns proxy = no
encrypt passwords = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 120
------------------------------

Thanks for your help and suggestions

---
Regards,
Rob Hadfield
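
The manual access.log check described in the message above, automated as an added example (not part of the original message and not Squid's own tooling): it reports client/URL pairs whose TCP_DENIED/407 challenges were never followed by any other result. The function names, the 10-second window and the sample log lines are assumptions made for illustration; input is assumed to be Squid's native log format in time order.

```python
"""Flag NTLM handshakes that stop after the 407 challenges in a Squid access.log."""

# Constructed sample in Squid's native log format (addresses, URLs and user are made up).
SAMPLE = """\
1095301093.729 1 192.0.2.10 TCP_DENIED/407 1660 GET http://img.example.com/a.jpg - NONE/- text/html
1095301093.741 1 192.0.2.10 TCP_DENIED/407 1772 GET http://img.example.com/a.jpg - NONE/- text/html
1095301093.902 148 192.0.2.10 TCP_MISS/200 5310 GET http://img.example.com/a.jpg user1 DIRECT/198.51.100.7 image/jpeg
1095301094.120 1 192.0.2.10 TCP_DENIED/407 1660 GET http://img.example.com/b.jpg - NONE/- text/html
1095301094.133 1 192.0.2.10 TCP_DENIED/407 1772 GET http://img.example.com/b.jpg - NONE/- text/html
1095301150.500 90 192.0.2.10 TCP_MISS/200 4100 GET http://img.example.com/c.jpg user1 DIRECT/198.51.100.7 image/jpeg
""".splitlines()


def parse(line):
    """Return (ts, client, http_status, method, url), or None for a malformed line."""
    f = line.split()
    try:
        return float(f[0]), f[2], f[3].rpartition("/")[2], f[5], f[6]
    except (IndexError, ValueError):
        return None


def unanswered_407s(lines, window=10.0):
    """List (client, url, n_407, last_ts) where no non-407 result followed within `window` s."""
    pending, stalled = {}, []  # pending: (client, method, url) -> [n_407, last_ts]
    for ts, client, status, method, url in filter(None, map(parse, lines)):
        key = (client, method, url)
        seen = pending.get(key)
        if seen and ts - seen[1] > window:  # the earlier challenge was never answered
            stalled.append((client, url, seen[0], seen[1]))
            del pending[key]
            seen = None
        if status == "407":
            pending[key] = [seen[0] + 1 if seen else 1, ts]
        elif seen:
            del pending[key]  # handshake completed with a HIT/MISS/other result
    # Anything still pending at end of input never got past the challenge
    # (on a live log, entries from the last `window` seconds may still be in flight).
    stalled += [(k[0], k[2], n, ts) for k, (n, ts) in pending.items()]
    return sorted(stalled, key=lambda s: s[3])


if __name__ == "__main__":
    for client, url, n, ts in unanswered_407s(SAMPLE):
        print(f"{ts:.3f} {client} {n}x407 then nothing: {url}")
```

Comparing the timestamps it reports against a packet capture taken on the proxy shows whether the third GET ever arrived from the client.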
